World governments now primary sources of breaches

Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm Gemalto.

A total of 1,673 data breaches led to 707 million data records being compromised worldwide during 2015, according to the latest edition of Gemalto’s Breach Level Index report.

Not all breaches are equally serious and the number of records disclosed is only one metric. Gemalto’s study attempts to recognise this by assigning a severity score to each breach based on factors including the type of data and the number of records compromised, the source of the breach, and whether or not the data was encrypted. The methodology aims to distinguish nuisances from high impact mega breaches.

More than 3.6 billion data records have been exposed since 2013, when Gemalto began benchmarking publicly disclosed data breaches. In 2015, malicious outsiders (ie, hackers) were the leading source of these breaches, accounting for 964, or 58 per cent of breaches and 38 per cent of compromised records. Accidental loss or exposure of data records accounted for 36 per cent of all records.

State-sponsored attacks accounted for two per cent of data breach incidents, but the records compromised as a result of those attacks made up 15 per cent of all records exposed.

The disproportionate impact of a small number of breaches is partly explained by the high-impact breach at the United States Office of Personnel Management (OPM), which exposed the personal details of multiple government employees and leaked all manner of sensitive information from background checks and related documents. Malicious insiders accounted for 14 per cent of all data breaches and just seven per cent of compromised records.

In terms of geographic regions, 59 per cent of all reported breach incidents happened in the United States. Europe accounted for 12 per cent of overall breach incidents, followed by the Asia Pacific region at eight per cent.

Identity theft remained the primary type of breach, accounting for 53 per cent of data breaches and 40 per cent of all compromised records.

Did retail leakiness dip, or did governments get a whole lot leakier?

The government sector accounted for 43 per cent of compromised data records, a five-fold increase over 2014 due to several very large data breaches in the United States and Turkey, and 16 per cent of all data breaches. The healthcare sector accounted for 19 per cent of total records compromised and 23 per cent of all data breaches.

By contrast, the retail sector saw the number of stolen data records drop 93 per cent year-on-year, so that it accounted for just six per cent of stolen records and 10 per cent of the total number of breaches in 2015.

This is in large part because 2014 was a particularly horrible year for data breaches in the retail sector, with problems at Home Depot and others skewing numbers towards the stratosphere. The financial services sector also saw a nearly 99 per cent drop, representing just 0.1 per cent of compromised data records and 15 per cent of the total number of breaches.

They're not trying to crack your bank account - and that's bad news for you

Over the last year or so, criminal hackers have shifted their focus away from traditional credit card fraud and towards stealing personal information in furtherance of identity theft. This change is bad news for consumers and businesses alike, according to Gemalto.

"In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks," said Jason Hart, Vice President and chief technology officer for data protection at Gemalto. "However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen."

"As companies and devices collect ever-increasing amounts of customer information and as consumers' online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data.

"If consumers' entire personal data and identities are being co-opted again and again by cyber thieves, trust will increasingly become the centrepiece in the calculus of which companies they do business with," he added. ®